Merge pull request #16598 from MicrosoftDocs/main

Publish main to live, Tuesday 5:00 PM IST, 11/12

memdocs/configmgr/comanage/workloads.md

@@ -152,6 +152,8 @@ For more information on the Intune feature, see [What is Microsoft Intune app ma
 
 When you enable Microsoft Connected Cache on your Configuration Manager distribution points, they can serve Microsoft Intune Win32 apps to co-managed clients. For more information, see [Microsoft Connected Cache with Configuration Manager](../core/plan-design/hierarchy/microsoft-connected-cache.md#support-for-intune-win32-apps).
 
+For example, if you wish to deploy the new Store applications (winget) via Microsoft Intune, you need to switch this workload. 
+
 ## Diagram for app workloads
 
 :::image type="content" source="media/co-management-apps.svg" alt-text="Diagram of co-management app workloads." lightbox="media/co-management-apps.svg":::

memdocs/configmgr/core/plan-design/configs/supported-operating-systems-for-clients-and-devices.md

@@ -67,8 +67,10 @@ For more information, see the following articles:
 ### Supported server OS versions
 
 - **Windows Server 2022**: IoT, Standard, Datacenter (_starting in Configuration Manager version 2107_)<!-- 10200029 -->
+    - *Windows Server IoT 2022 for Storage* is not supported
 
-- **Windows Server 2019**: IoT, Standard, Datacenter 
+- **Windows Server 2019**: IoT, Standard, Datacenter
+    - *Windows Server IoT 2019 for Storage* is not supported
 
 - **Windows Server 2016**: Standard, Datacenter 
 

memdocs/configmgr/core/plan-design/hierarchy/accounts.md

@@ -364,7 +364,7 @@ The site server uses the **Exchange Server connection account** to connect to th
 
 ### Management point connection account
 
-The management point uses the **Management point connection account** to connect to the Configuration Manager site database. It uses this connection to send and retrieve information for clients. The management point uses its computer account by default, but you can configure an alternate service account instead. When the management point is in an untrusted domain from the site server, you must specify a alternate service account.
+The management point uses the **Management point connection account** to connect to the Configuration Manager site database. It uses this connection to send and retrieve information for clients. The management point uses its computer account by default, but you can configure an alternate service account instead. When the management point is in an untrusted domain from the site server, you must specify an alternate service account.
 
   > [!NOTE]
   > For enhanced security posture it is recommended to leverage alternate service account rather than Computer account for ‘Management point connection account’.
@@ -391,7 +391,11 @@ For more information, see [Use multicast to deploy Windows over the network](../
 
 ### Network access account
 
-Client computers use the **network access account** when they can't use their local computer account to access content on distribution points. It mostly applies to workgroup clients and computers from untrusted domains. This account is also used during OS deployment, when the computer that's installing the OS doesn't yet have a computer account on the domain.
+Client computers use the **network access account** when they can't use their local computer account to access content on distribution points. It mostly applies to workgroup clients and computers from untrusted domains.
+This account is also used during OS deployment, when the computer that's installing the OS doesn't yet have a computer account on the domain.
+
+> [!NOTE]
+> Managing clients in untrusted domains and cross-forest scenarios allows for multiple network access accounts.
 
 > [!IMPORTANT]
 > The network access account is never used as the security context to run programs, install software updates, or run task sequences. It's used only for accessing resources on the network.
@@ -441,7 +445,6 @@ The network access account is still required for the following actions (includin
 
 - Task Sequence properties setting to **Run another program first**. This setting runs a package and program from a network share before the task sequence starts. For more information, see [Task sequences properties: Advanced tab](../../../osd/deploy-use/manage-task-sequences-to-automate-tasks.md#advanced-tab).
 
-- Managing clients in untrusted domains and cross-forest scenarios allows for multiple network access accounts.
 
 ### Package access account
 
@@ -746,7 +749,7 @@ Configuration Manager grants access to the account used for the reporting servic
 
 ## Elevated permissions
 
-Configuration Manager requires some accounts to have elevated permissions for on-going operations. For example, see [Prerequisites for installing a primary site](../../servers/deploy/install/prerequisites-for-installing-sites.md#bkmk_PrereqPri). The following list summarizes these permissions and the reasons why they're needed.
+Configuration Manager requires some accounts to have elevated permissions for ongoing operations. For example, see [Prerequisites for installing a primary site](../../servers/deploy/install/prerequisites-for-installing-sites.md#bkmk_PrereqPri). The following list summarizes these permissions and the reasons why they're needed.
 
 - The computer account of the primary site server and central administration site server requires:
 

memdocs/configmgr/core/plan-design/network/internet-endpoints.md

@@ -188,6 +188,8 @@ If you use Configuration Manager to deploy and update Microsoft 365 Apps for ent
 
 - `contentstorage.osi.office.net` to support the evaluation of Office add-in readiness<!-- MEMDocs#410 -->
 
+- `clients.config.office.net` to retrieve the names of the files needed for a particular Microsoft 365 Apps update. For more information, see [Using the Microsoft 365 Apps file list API](/office/client-developer/shared/manageability-applications-with-the-office-365-click-to-run-installer#using-the-microsoft-365-apps-file-list-api).
+
 Your top-level site server needs access to the following endpoint to download the Microsoft Apps 365 readiness file:
 
 - Starting March 2, 2021: `https://omex.cdn.office.net/mirrored/sccmreadiness/SOT_SCCM_AddinReadiness.CAB`

memdocs/configmgr/core/servers/manage/modify-your-infrastructure.md

@@ -79,7 +79,7 @@ For example, you install the Configuration Manager console from a site server th
 
 Each time the Configuration Manager console opens:
 
-- Tt determines the configured language settings for the computer
+- It determines the configured language settings for the computer
 - Verifies whether an associated language pack is available for the Configuration Manager console
 - Opens the console by using the appropriate language pack
 
@@ -381,4 +381,4 @@ You can modify these values or disable alerts for each site:
 
 You may need to uninstall a Configuration Manager site system role, site, or hierarchy. For more information, see [Uninstall roles, sites, and hierarchies](../deploy/install/uninstall-sites-and-hierarchies.md).
 
-Starting in version 2002, you can also remove the CAS from a hierarchy, but keep the primary site. For more information, see [Remove the CAS](../deploy/install/remove-central-administration-site.md).
+Starting in version 2002, you can also remove the CAS from a hierarchy, but keep the primary site. For more information, see [Remove the CAS](../deploy/install/remove-central-administration-site.md).

memdocs/configmgr/protect/deploy-use/endpoint-protection-client-faq.yml

@@ -24,26 +24,26 @@ sections:
       - question: |
           Why do I need antivirus and antispyware software?  
         answer: |
-           It is critical to make sure that your computer is running software that protects against malicious software. Malicious software, which includes viruses, spyware, or other potentially unwanted software can try to install itself on your computer any time you connect to the Internet. It can also infect your computer when you install a program using a CD, DVD, or other removable media. Malicious software, can also be programmed to run at unexpected times, not just when it is installed.  
+           It's critical to make sure that your computer is running software that protects against malicious software. Malicious software, which includes viruses, spyware, or other potentially unwanted software can try to install itself on your computer anytime you connect to the Internet. It can also infect your computer when you install a program using a CD, DVD, or other removable media. Malicious software can also be programmed to run at unexpected times, not just when it's installed.  
           
            Windows Defender or Endpoint Protection offers three ways to help keep malicious software from infecting your computer:  
           
-           -   **Using real-time protection** - Real-time protection enables Windows Defender to monitor your computer all the time and alert you when malicious software, including viruses, spyware, or other potentially unwanted software attempts to install itself or run on your computer. Windows Defender then suspends the software and enables you to you to follow its recommendation on the software or take an alternative action.
+           -   **Using real-time protection** - Real-time protection enables Windows Defender to monitor your computer all the time and alert you when malicious software, including viruses, spyware, or other potentially unwanted software attempts to install itself or run on your computer. Windows Defender then suspends the software and enables you to follow its recommendation on the software or take an alternative action.
           
            -   **Scanning options** - You can use Windows Defender to scan for potential threats, such as viruses, spyware, and other malicious software that might put your computer at risk. You can also use it to schedule scans on a regular basis and to remove malicious software that is detected during a scan.  
           
-           -   **Microsoft Active Protection Service community** - The online Microsoft Active Protection Service community helps you see how other people respond to software that has not yet been classified for risks. You can use this information to help you choose whether to allow this software on your computer. In turn, if you participate, your choices are added to the community ratings to help other people decide what to do.  
+           -   **Microsoft Active Protection Service community** - The online Microsoft Active Protection Service community helps you see how other people respond to software that hasn't yet been classified for risks. You can use this information to help you choose whether to allow this software on your computer. In turn, if you participate, your choices are added to the community ratings to help other people decide what to do.  
           
       - question: |
           How can I tell if my computer is infected with malicious software?  
         answer: |
            You might have some form of malicious software, including viruses, spyware, or other potentially unwanted software, on your computer if:  
           
-           -   You notice new toolbars, links, or favorites that you did not intentionally add to your Web browser.  
+           -   You notice new toolbars, links, or favorites that you didn't intentionally add to your Web browser.  
           
            -   Your home page, mouse pointer, or search program changes unexpectedly.  
           
-           -   You type the address for a specific site, such as a search engine, but you are taken to a different Web site without notice.  
+           -   You type the address for a specific site, such as a search engine, but you're taken to a different Web site without notice.  
           
            -   Files are automatically deleted from your computer.  
           
@@ -65,7 +65,7 @@ sections:
         answer: |
            If Windows Defender detects malicious software or potentially unwanted software on your computer (either when monitoring your computer using real-time protection or after running a scan), it notifies you about the detected item by displaying a notification message in the bottom right-hand corner of your screen.  
           
-           The notification message includes a **Clean computer** button and a **Show details** link that lets you view additional information about the detected item. Click the **Show details** link to open the **Potential threat details** window to get additional information about the detected item. You can now choose which action to apply to the item, or click **Clean computer**. If you need help determining which action to apply to the detected item, use the alert level that Windows Defender assigned to the item as your guide (for more information see, Understanding alert levels).  
+           The notification message includes a **Clean computer** button and a **Show details** link that lets you view additional information about the detected item. Click the **Show details** link to open the **Potential threat details** window to get additional information about the detected item. You can now choose which action to apply to the item, or click **Clean computer**. If you need help with determining which action to apply to the detected item, use the alert level that Windows Defender assigned to the item as your guide (for more information see, Understanding alert levels).  
           
            Alert levels help you choose how to respond to viruses, spyware, and other potentially unwanted software. While Windows Defender will recommend that you remove all viruses and spyware, not all software that is flagged is malicious or unwanted. The following information can help you decide what to do if Windows Defender detects potentially unwanted software on your computer.  
           
@@ -110,7 +110,7 @@ sections:
         answer: |
            Both viruses and spyware are installed on your computer without your knowledge and both have the potential to be intrusive and destructive. They also have the ability to capture information on your computer and damage or delete that information. They both can negatively affect your computer's performance.  
           
-           The main differences between viruses and spyware is how they behave on your computer. Viruses, like living organisms, want to infect a computer, replicate, and then spread to as many other computers as possible. Spyware, however, is more like a mole - it wants to "move into" your computer and stay there as long as possible, sending valuable information about your computer to an outside source while it is there.  
+           The main difference between viruses and spyware is how they behave on your computer. Viruses, like living organisms, want to infect a computer, replicate, and then spread to as many other computers as possible. Spyware, however, is more like a mole - it wants to "move into" your computer and stay there as long as possible, sending valuable information about your computer to an outside source while it's there.  
           
       - question: |
           Where do viruses, spyware, and other potentially unwanted software come from?  
@@ -125,7 +125,7 @@ sections:
       - question: |
           Why is it important to review license agreements before installing software?  
         answer: |
-          When you visit websites, do not automatically agree to download anything the site offers. If you download free software, such as file sharing programs or screen savers, read the license agreement carefully. Look for clauses that say that you must accept advertising and pop-ups from the company, or that the software will send certain information back to the software publisher.  
+          When you visit websites, don't automatically agree to download anything the site offers. If you download free software, such as file sharing programs or screen savers, read the license agreement carefully. Look for clauses that say that you must accept advertising and pop-ups from the company, or that the software will send certain information back to the software publisher.  
 
       - question: |
           Why doesn't Windows Defender detect cookies?  
@@ -145,12 +145,12 @@ sections:
           
            -   If you receive an e-mail with an attachment and you're unsure of the source, then you should delete it immediately. Don't download any applications or files from unknown sources, and be careful when trading files with other users.  
           
-           -   Install and use a firewall. It is recommended that you enable Windows Firewall.  
+           -   Install and use a firewall. It's recommended that you enable Windows Firewall.  
           
       - question: |
           What are virus and spyware definitions?  
         answer: |
-         When you use Windows Defender or Endpoint Protection, it is important to have up-to-date virus and spyware definitions. Definitions are files that act like an ever-growing encyclopedia of potential software threats. Windows Defender or Endpoint Protection uses definitions to determine if software that it detects is a virus, spyware, or other potentially unwanted software, and then to alert you to potential risks. To help keep your definitions up to date, Windows Defender or Endpoint Protection works with Microsoft Update to install new definitions automatically as they are released. You can also set Windows Defender or Endpoint Protection to check online for updated definitions before scanning.  
+         When you use Windows Defender or Endpoint Protection, it's important to have up-to-date virus and spyware definitions. Definitions are files that act like an ever-growing encyclopedia of potential software threats. Windows Defender or Endpoint Protection uses definitions to determine if software that it detects is a virus, spyware, or other potentially unwanted software, and then to alert you to potential risks. To help keep your definitions up to date, Windows Defender or Endpoint Protection works with Microsoft Update to install new definitions automatically as they're released. You can also set Windows Defender or Endpoint Protection to check online for updated definitions before scanning.  
 
       - question: |
           How do I keep virus and spyware definitions up to date?  
@@ -236,12 +236,23 @@ sections:
            -   Yellow indicates that your computer's status is "potentially unprotected."  
           
            -   Red indicates that your computer's status is "at risk."  
-          
+      - question: |
+          Can you describe a little bit what protected, potentially protected or at risk means?
+        answer: |
+
+          Depending whether Defender or another antivirus product is being used as primary provider, the general states above represented by a color show the overall assessment of the security state of the device.
+          In case of security level being satisfactory, a green label will be provided.
+
+          The "potentially unprotected" state is mostly due to settings - not directly impacting detection - not being set to the recommended security level. For example, in Defender case, a quick scan didn't run in a while, or cloud protection is turned off. 
+          In the case of another antivirus, those states are reported via Security Center and could be in basically the following categories - a scan is recommended, settings change is recommended or an update is recommended.
+
+          The "at risk" status represents serious security issues, such as a malware detection, software out of date or antivirus not running at all. In the case of another Antivirus that could mean license has expired.
+
       - question: |
            How to set up Windows Defender or Endpoint Protection alerts?  
         answer: |
 
-           When Windows Defender is running on your computer, it automatically alerts you if it detects viruses, spyware, or other potentially unwanted software. You can also set Windows Defender to alert you if you run software that has not yet been analyzed, and you can choose to be alerted when software makes changes to your computer.  
+           When Windows Defender is running on your computer, it automatically alerts you if it detects viruses, spyware, or other potentially unwanted software. You can also set Windows Defender to alert you if you run software that hasn't yet been analyzed, and you can choose to be alerted when software makes changes to your computer.  
 
            ### To set up alerts